Russian hacktivists hit Ukrainian orgs with ransomware – but no ransom demands
The Ukrainian CERT has uncovered an attack campaign aimed at compromising Ukrainian organizations and irretrievably encrypting their files.
To do that, the attackers are leveraging a specific version of the Somnia ransomware that, "According to the attackers' theoretical plan, does not provide for the possibility of data decryption."
The Ukrainian cyber experts believe that the attack was effected by Russian hacktivists that go by FRwL, with help from an initial access broker.
The team does not specify at which point the hacktivists took the attack over from the IAB, but says that, "Having gained remote access to the organization's computer network using a VPN, the attackers conducted reconnaissance, launched the Cobalt Strike Beacon program, and also exfiltrated data, as evidenced by the use of the Rclone program."
"FRwL, whose activity is monitored by CERT-UA under the identifier UAC-0118, took responsibility for the unauthorized intervention in the operation of automated systems and electronic computing machines of the target of the attack," the Ukrainians say.
FRwL has been launching similar attacks against Ukrainian targets since the spring of 2022, but this time the ransomware is different: it uses a different algorithm to encrypt files with a variety of extensions.
News URL
https://www.helpnetsecurity.com/2022/11/14/somnia-ransomware-ukrainian/